Tagasaurus [RESOLVED]


  • This topic is locked

#16
twism7

Startuplist continued

C:\WINDOWS\System32\ndptsp.tsp
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\netcfgx.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
C:\WINDOWS\system32\ntdll.dll
c:\windows\system32\NTDSAPI.dll
C:\WINDOWS\System32\ntlsapi.dll
C:\WINDOWS\System32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
c:\windows\system32\POWRPROF.dll
c:\windows\system32\PSAPI.DLL
c:\windows\system32\qmgr.dll
C:\WINDOWS\System32\qmgrprxy.dll
C:\WINDOWS\System32\rasadhlp.dll
C:\WINDOWS\System32\RASAPI32.dll
C:\WINDOWS\System32\raschap.dll
C:\WINDOWS\System32\RASDLG.dll
C:\WINDOWS\System32\rasman.dll
C:\WINDOWS\System32\rasmans.dll
C:\WINDOWS\System32\rasppp.dll
C:\WINDOWS\System32\rastapi.dll
C:\WINDOWS\System32\rastls.dll
C:\WINDOWS\System32\RESUTILS.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\rsaenh.dll
c:\windows\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\SCHANNEL.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\sens.dll
C:\WINDOWS\System32\serwvdrv.dll
C:\WINDOWS\System32\SETUPAPI.dll
C:\WINDOWS\System32\sfc.dll
C:\WINDOWS\System32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\SHFOLDER.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\srvsvc.dll
C:\WINDOWS\System32\SSDPAPI.dll
C:\WINDOWS\System32\SXS.DLL
C:\WINDOWS\System32\TAPI32.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\trkwks.dll
C:\WINDOWS\System32\umdmxfrm.dll
C:\WINDOWS\System32\unimdm.tsp
C:\WINDOWS\System32\unimdmat.dll
C:\WINDOWS\System32\uniplat.dll
C:\WINDOWS\System32\upnp.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\USP10.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\VSSAPI.DLL
c:\windows\system32\w32time.dll
C:\WINDOWS\System32\Wbem\esscli.dll
C:\WINDOWS\System32\Wbem\FastProx.dll
C:\WINDOWS\System32\wbem\repdrvfs.dll
C:\WINDOWS\System32\wbem\wbemcomn.dll
C:\WINDOWS\System32\Wbem\wbemcore.dll
C:\WINDOWS\System32\wbem\wbemess.dll
C:\WINDOWS\System32\wbem\wbemsvc.dll
C:\WINDOWS\System32\wbem\wmiprvsd.dll
c:\windows\system32\wbem\wmisvc.dll
C:\WINDOWS\System32\wbem\wmiutils.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\System32\WINIPSEC.DLL
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\System32\WinSCard.dll
C:\WINDOWS\System32\WINSPOOL.DRV
C:\WINDOWS\System32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
c:\windows\system32\wkssvc.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WMI.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\wscsvc.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
c:\windows\system32\WTSAPI32.dll
C:\WINDOWS\system32\wuaueng.dll
c:\windows\system32\wuauserv.dll
c:\windows\system32\WZCSAPI.DLL
c:\windows\system32\wzcsvc.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (41)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\System32\actxprxy.dll
C:\WINDOWS\system32\ADVAPI32.dll
c:\windows\system32\CFGMGR32.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\LPK.DLL
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mscms.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\serwvdrv.dll
c:\windows\system32\setupapi.DLL
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\sti.dll
C:\WINDOWS\System32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\USP10.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
c:\windows\system32\wiaservc.dll
C:\WINDOWS\System32\WINMM.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\System32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\svchost.exe (55)]
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\system32\ACTIVEDS.dll
c:\windows\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
c:\windows\system32\ICAAPI.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
c:\windows\system32\mstlsapi.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
c:\windows\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
c:\windows\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
c:\windows\system32\termsrv.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\System32\ups.exe (28)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\apcups.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\LPK.DLL
C:\WINDOWS\System32\MSACM32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\System32\POWRPROF.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\System32\serwvdrv.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\System32\USP10.dll
C:\WINDOWS\System32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\winlogon.exe (67)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\system32\cscui.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\serwvdrv.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SHSVCS.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\umdmxfrm.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[C:\WINDOWS\system32\wscntfy.exe (17)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

--------------------

Autostart folders:

[Startup (2)]
DESKTOP.INI
PowerChute.lnk

[User Startup (2)]
DESKTOP.INI
PowerChute.lnk

[Common Startup (1)]
DESKTOP.INI

[User Common Startup (1)]
DESKTOP.INI

--------------------

Task Scheduler jobs (2):

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------

IniMapping values:

System NT shell = explorer.exe
User screensaver = C:\WINDOWS\System32\ssflwbox.scr

--------------------

Autostarting batch files:

[autoexec.nt]
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

[config.nt]
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

--------------------

On-reboot actions:

[Wininit.ini]
[rename]
DOWS\downlo~1\ymsgrins.exe
NUL=C:\WINDOWS\downlo~1\ymsgrins.exe

BootExecute = autocheck autochk *

--------------------

Shell commands:

.bat - MS-DOS Batch File - "%1" %*
.cmd - Windows NT Command Script - "%1" %*
.com - MS-DOS Application - "%1" %*
.exe - Application - "%1" %*
.hta - HTML Application - C:\WINDOWS\System32\mshta.exe "%1" %*
.js - JScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.jse - JScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.pif - Shortcut to MS-DOS Program - "%1" %*
.scr - Screen Saver - "%1" /S
.txt - Text Document - C:\WINDOWS\system32\NOTEPAD.EXE %1
.vbe - VBScript Encoded Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - VBScript Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsf - Windows Script File - C:\WINDOWS\System32\WScript.exe "%1" %*
.wsh - Windows Script Host Settings File - C:\WINDOWS\System32\WScript.exe "%1" %*

--------------------

Services:

[NT Services (40)]
APC UPS Service = C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
ATI Smart = C:\WINDOWS\SYSTEM32\ati2sgag.exe
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\System32\lsass.exe
Norton AntiVirus Auto Protect Service = C:\Program Files\Norton AntiVirus\navapsvc.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
ScriptBlocking Service = C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\System32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs

[VxD Services (1)]
JAVASUP = JAVASUP.VXD

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
SYMTDI
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Disk drives *
- Upper filters
PartMgr.sys

* DVD/CD-ROM drives *
- Upper filters
pwd_2k.sys
Cdralw2k.sys
GEARAspiWDM.sys

- Lower filters
PxHelp20.sys
Pfc.sys
Cdr4_xp.sys

* Infrared devices *
- Upper filters
IRENUM.sys

* Keyboards *
- Upper filters
kbdclass.sys

* Mice and other pointing devices *
- Upper filters
mouclass.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Universal Serial Bus controllers *
- Upper filters
hpusbfd.sys



[Device filters]
* BCM V.92 56K Voicemodem *
- Lower filters
BCMModem.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Intel® 82820 Processor to AGP Controller *
- Upper filters
AGP440.sys

* Intel® 82850/82860 Processor to AGP Controller - 2532 *
- Upper filters
AGP440.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (5):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WinLogon autoruns:

UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

[Notify (9)]
crypt32chain = crypt32.dll
cryptnet = cryptnet.dll
cscdll = cscdll.dll
ScCertProp = wlnotify.dll
Schedule = wlnotify.dll
sclgntfy = sclgntfy.dll
SensLogn = WlNotify.dll
termsrv = wlnotify.dll
wlballoon = wlnotify.dll

[Group policy extensions (6)]
Microsoft Disk Quota = dskquota.dll
Internet Explorer Zonemapping = iedkcs32.dll
Security = scecli.dll
Internet Explorer Branding = iedkcs32.dll
EFS recovery = scecli.dll
Software Installation = appmgmts.dll

--------------------

Policies:

[This user]
* Primary policies *
- (2)
HTTP11SAVED = dword: 0
HTTP11SAVED_VAL = dword: 0

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1)
NoDriveTypeAutoRun = dword: 145

- (2)
HTTP11SAVED = dword: 0
HTTP11SAVED_VAL = dword: 0



[All users]
* Primary policies *
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = MTE3NDI6ODoxNg
{645FF040-5081-101B-9F08-00AA002F954E} = dword: 0
{6BF52A52-394A-11D3-B153-00C04F79FAA6} = dword: 6
- Software\Policies\Microsoft\Messenger\Client (1)
PreventAutoRun = dword: 1

- Software\Policies\Microsoft\Windows\Installer (1)
EnableAdminTSRemote = dword: 1

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{72385235-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all ICMP packets between this computer and any other computer.
name = ipsecFilter{72385235-70fa-11d1-864c-14a300000000}
ipsecName = All ICMP Traffic
ipsecID = {72385235-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} (7)
ClassName = ipsecFilter
description = Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
name = ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}
ipsecName = All IP Traffic
ipsecID = {7238523a-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
ipsecID = {72385231-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}
ipsecID = {72385234-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
ipsecID = {72385237-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000} (5)
ClassName = ipsecISAKMPPolicy
name = ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
ipsecID = {7238523d-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{40b0f9d5-d2cb-410d-a1a4-8dd8261a3f5c} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{40b0f9d5-d2cb-410d-a1a4-8dd8261a3f5c}
ipsecID = {40b0f9d5-d2cb-410d-a1a4-8dd8261a3f5c}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{6387a14c-a618-419c-81e5-768882ec464f} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{6387a14c-a618-419c-81e5-768882ec464f}
ipsecID = {6387a14c-a618-419c-81e5-768882ec464f}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
name = ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
ipsecName = Request Security (Optional)
ipsecID = {72385233-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Permit unsecured IP packets to pass through.
name = ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
ipsecName = Permit
ipsecID = {7238523b-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {8a171dd2-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} (9)
ClassName = ipsecNegotiationPolicy
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
name = ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
ipsecName = Require Security
ipsecID = {7238523f-70fa-11d1-864c-14a300000000}
ipsecNegotiationPolicyAction = {3f91a81a-7647-11d1-864d-d46a00000000}
ipsecNegotiationPolicyType = {62f49e10-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{ad1ba967-4b6c-4fd3-8e0e-d06bd944888f} (7)
ClassName = ipsecNegotiationPolicy
name = ipsecNegotiationPolicy{ad1ba967-4b6c-4fd3-8e0e-d06bd944888f}
ipsecID = {ad1ba967-4b6c-4fd3-8e0e-d06bd944888f}
ipsecNegotiationPolicyAction = {8a171dd3-77e3-11d1-8659-a04f00000000}
ipsecNegotiationPolicyType = {62f49e13-6c37-11d1-864c-14a300000000}
ipsecDataType = dword: 256
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{4aca9231-fbf8-45fe-8466-8f2548014ef9} (8)
ClassName = ipsecNFA
name = ipsecNFA{4aca9231-fbf8-45fe-8466-8f2548014ef9}
ipsecName = Require Security
description = Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
ipsecID = {4aca9231-fbf8-45fe-8466-8f2548014ef9}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{4c21429b-5694-4d9b-bd6e-dbbd0749bcdb} (8)
ClassName = ipsecNFA
name = ipsecNFA{4c21429b-5694-4d9b-bd6e-dbbd0749bcdb}
ipsecName = Request Security (Optional) Rule
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
ipsecID = {4c21429b-5694-4d9b-bd6e-dbbd0749bcdb}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{75bf353c-73a1-4e2d-999c-7d5a4bd319f1} (6)
ClassName = ipsecNFA
name = ipsecNFA{75bf353c-73a1-4e2d-999c-7d5a4bd319f1}
ipsecID = {75bf353c-73a1-4e2d-999c-7d5a4bd319f1}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{ad1ba967-4b6c-4fd3-8e0e-d06bd944888f}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{94ba99de-3257-468f-ab44-ff798737a12b} (8)
ClassName = ipsecNFA
name = ipsecNFA{94ba99de-3257-468f-ab44-ff798737a12b}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {94ba99de-3257-468f-ab44-ff798737a12b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{9c28d0b8-0f47-4be9-bb81-d1484d2c0d8a} (6)
ClassName = ipsecNFA
name = ipsecNFA{9c28d0b8-0f47-4be9-bb81-d1484d2c0d8a}
ipsecID = {9c28d0b8-0f47-4be9-bb81-d1484d2c0d8a}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{6387a14c-a618-419c-81e5-768882ec464f}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{e4e484f2-55dd-40cd-b9b7-be402c38466b} (8)
ClassName = ipsecNFA
name = ipsecNFA{e4e484f2-55dd-40cd-b9b7-be402c38466b}
ipsecName = Permit unsecure ICMP packets to pass through.
description = Permit unsecure ICMP packets to pass through.
ipsecID = {e4e484f2-55dd-40cd-b9b7-be402c38466b}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{ef759e6a-4aa9-4286-a65a-7a4e44c86f2f} (6)
ClassName = ipsecNFA
name = ipsecNFA{ef759e6a-4aa9-4286-a65a-7a4e44c86f2f}
ipsecID = {ef759e6a-4aa9-4286-a65a-7a4e44c86f2f}
ipsecDataType = dword: 256
ipsecNegotiationPolicyReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{40b0f9d5-d2cb-410d-a1a4-8dd8261a3f5c}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385230-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
name = ipsecPolicy{72385230-70fa-11d1-864c-14a300000000}
ipsecName = Server (Request Security)
ipsecID = {72385230-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385231-70fa-11d1-864c-14a300000000}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
name = ipsecPolicy{72385236-70fa-11d1-864c-14a300000000}
ipsecName = Client (Respond Only)
ipsecID = {72385236-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{72385237-70fa-11d1-864c-14a300000000}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000} (8)
ClassName = ipsecPolicy
description = For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
name = ipsecPolicy{7238523c-70fa-11d1-864c-14a300000000}
ipsecName = Secure Server (Require Security)
ipsecID = {7238523c-70fa-11d1-864c-14a300000000}
ipsecDataType = dword: 256
ipsecISAKMPReference = SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{7238523d-70fa-11d1-864c-14a300000000}
whenChanged = dword: 999272659

- Software\Policies\Microsoft\Windows\RTC\PortRange (1)
Enabled = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (4)
TransparentEnabled = dword: 1
DefaultLevel = dword: 262144
AuthenticodeEnabled = dword: 0
PolicyScope = dword: 0

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} (4)
Description = Stop the download of this file
FriendlyName = Mdac11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} (4)
Description = Stop the download of this file
FriendlyName = mdac20.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} (4)
Description = Stop the download of this file
FriendlyName = mdac20_a.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} (4)
Description = Stop the download of this file
FriendlyName = _msadc10.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} (4)
Description = Stop the download of this file
FriendlyName = msadc11.cab
SaferFlags = dword: 0
HashAlg = dword: 32771

- Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} (2)
Description =
SaferFlags = dword: 0

* Alternate policies *
- Software\Microsoft\Windows\CurrentVersion\policies\NonEnum (3)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = dword: 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = dword: 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = dword: 32

- Software\Microsoft\Windows\CurrentVersion\policies\system (5)
dontdisplaylastusername = dword: 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = dword: 1
undockwithoutlogon = dword: 1



--------------------

ActiveX objects (14):

BASEIE40_W2K - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
BRANDING.CAB - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
DOTNETFRAMEWORKS - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
IE4Shell_NT - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
IEACCESS - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
MailNews - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Messenger - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
NetMeeting - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
OEACCESS - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Theme Component - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
WAB - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Windows Marketplace Link - {4b218e3e-bc98-4770-93d3-2731b9329278} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf
WMPACCESS - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------

Internet Explorer toolbars:

[This user]
* ShellBrowser (3) *
Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll

* WebBrowser (3) *
&Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)


--------------------

Internet Explorer buttons/tools (4):

AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
- -
MoneySide - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--------------------

Internet Explorer menu extensions:

[This user (1)]
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

--------------------

Internet Explorer Bands (8):

Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
&Tip of the Day - {4D5C8C25-D075-11d0-B416-00C04FB90376} - C:\WINDOWS\System32\shdocvw.dll
MoneySide - {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
&Discuss - {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - shdocvw.dll
File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINDOWS\system32\SHELL32.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
History Band - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll

--------------------

Downloaded Program Files (12):

Microsoft XML Parser for Java - Microsoft XML Parser for Java - (no file) - file://C:\WINDOWS\Java\classes\xmldso.cab
Yahoo! Chess - Yahoo! Chess - (no file) - http://download.game...nts/y/ct0_x.cab
Yahoo! Euchre - Yahoo! Euchre - (no file) - http://download.game...nts/y/et0_x.cab
(no name) - {00000161-0000-0010-8000-00AA00389B71} - (no file) - http://codecs.micros...386/msaudio.cab
Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll - http://download.macr...director/sw.cab
YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - C:\WINDOWS\Downloaded Program Files\yinsthelper.dll - http://download.yaho...talls/yinst.cab
(no name) - {33564D57-9980-0010-8000-00AA00389B71} - (no file) - http://codecs.micros...386/wmv9dmo.cab
Java Runtime Environment 1.5.0 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll - http://java.sun.com/...indows-i586.cab
(no name) - {9F1C11AA-197B-4942-BA54-47A8489BB47F} - (no file) - http://v4.windowsupd...7648.7454976852
Java Runtime Environment 1.5.0 - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll - http://java.sun.com/...indows-i586.cab
Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx - http://fpdownload.ma...ash/swflash.cab
IMViewerControl Class - {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} - C:\WINDOWS\System32\CIMVIEW.dll - http://companion.log...n/bin/imvid.cab

--------------------

URL search hooks:

[This user (1)]
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll

--------------------

Explorer clones:

C:\WINDOWS\explorer.exe

--------------------

Image File Execution Options (1):

Your Image File Name Here without a path = ntsd -d

--------------------

ContextMenuHandlers:

[* (7)]
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Open With = {09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\system32\SHELL32.dll
Open With EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Start Menu Pin = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = C:\WINDOWS\system32\SHELL32.dll
Symantec.Norton.Antivirus.IEContextMenu = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[Drive (7)]
Adaptec DirectCD Shell Extension = {5E44E225-A408-11CF-B581-008029601108} = C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll
Disk Copy Extension = {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Portable Media Devices Menu = {cc86590a-b60a-48e6-996b-41d25ed39a1e} = C:\WINDOWS\system32\Audiodev.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
ShellFolder for CD Burning = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
Symantec.Norton.Antivirus.IEContextMenu = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[Folder (3)]
BriefcaseMenu = {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Symantec.Norton.Antivirus.IEContextMenu = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[CompressedFolder (1)]
Compressed (zipped) Folder Context Menu = {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} = C:\WINDOWS\System32\zipfldr.dll

[Directory (4)]
EncryptionMenu = {A470F8CF-A1E8-4f65-8335-227475AA5C46} = C:\WINDOWS\system32\SHELL32.dll
Offline Files = {750fdf0e-2a26-11d1-a3ea-080036587f03} = C:\WINDOWS\System32\cscui.dll
Sharing = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR = {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[Directory\Background (2)]
ACE = {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
New = {D969A300-E7FF-11d0-A93B-00A0C90F2719} = C:\WINDOWS\system32\SHELL32.dll

[file (1)]
Symantec.Norton.Antivirus.IEContextMenu = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[ChannelShortcut (1)]
Channel Menu Handler Object = {f3da0dc0-9cc8-11d0-a599-00c04fd64437} = C:\WINDOWS\System32\cdfview.dll

[InternetShortcut (1)]
Internet Shortcut = {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll

[AllFileSystemObjects (1)]
Send To = {7BA4C740-9E81-11CF-99D3-00AA004AE837} = C:\WINDOWS\system32\SHELL32.dll

--------------------

ColumnHandlers (4):

(no name) - {0D2E74C4-3C34-11d2-A27E-00C04FC30871} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F01-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {24F14F02-7B1C-11d1-838f-0000F80461CF} - C:\WINDOWS\system32\SHELL32.dll
(no name) - {66742402-F9B9-11D1-A202-0000F81FEDEE} - C:\WINDOWS\system32\SHELL32.dll

--------------------

ShellExecuteHooks (1):

URL Exec Hook = {AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

--------------------

Approved Shell Extensions:

[All users (183)]
%DESC_PublishDropTarget% - {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\System32\photowiz.dll
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
.CAB file viewer - {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - cabview.dll
Accessible - {7e653215-fa25-46bd-a339-34a2790f3cb7} - C:\WINDOWS\System32\browseui.dll
ActiveX Cache Folder - {88C6C381-2E85-11D0-94DE-444553540000} - C:\WINDOWS\System32\occache.dll
Adaptec DirectCD Shell Extension - {5E44E225-A408-11CF-B581-008029601108} - C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll
Address Bar Parser - {E0E11A09-5CB8-4B6C-8332-E00720A168F2} - C:\WINDOWS\System32\browseui.dll
Address EditBox - {A08C11D2-A228-11d0-825B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Administrative Tools - {D20EA4E1-3957-11d2-A40B-0C5020524153} - C:\WINDOWS\system32\shdocvw.dll
Audio Media Properties Handler - {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} - C:\WINDOWS\System32\shmedia.dll
Augmented Shell Folder - {91EA3F8B-C99B-11d0-9815-00C04FD91972} - C:\WINDOWS\System32\browseui.dll
Augmented Shell Folder 2 - {6413BA2C-B461-11d1-A18A-080036B11A03} - C:\WINDOWS\System32\browseui.dll
Auto Update Property Sheet Extension - {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl
Avi Properties Handler - {87D62D94-71B3-4b9a-9489-5FE6850DC73E} - C:\WINDOWS\System32\shmedia.dll
BandProxy - {F61FFEC1-754F-11d0-80CA-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Briefcase - {85BBD920-42A0-1069-A2E4-08002B30309D} - syncui.dll
Catalyst Context Menu extension - {5E2121EE-0300-11D4-8D3B-444553540000} - C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
CDF Extension Copy Hook - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} - C:\WINDOWS\System32\shdocvw.dll
Channel File - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - C:\WINDOWS\System32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - C:\WINDOWS\System32\cdfview.dll
Channel Menu - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - C:\WINDOWS\System32\cdfview.dll
Channel Properties - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - C:\WINDOWS\System32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - C:\WINDOWS\System32\cdfview.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - C:\WINDOWS\System32\webcheck.dll
Compatibility Page - {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} - SlayerXP.dll
Compressed (zipped) Folder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\System32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\System32\zipfldr.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Crypto PKO Extension - {7444C717-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Crypto Sign Extension - {7444C719-39BF-11D1-8CD9-00C04FC29D45} - C:\WINDOWS\system32\cryptext.dll
Custom MRU AutoCompleted List - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} - C:\WINDOWS\System32\browseui.dll
Darwin App Publisher - {CFCCC7A0-A282-11D1-9082-006008059382} - C:\WINDOWS\System32\appwiz.cpl
DfsShell - {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} - C:\WINDOWS\System32\dfsshlex.dll
Directory Context Menu Verbs - {62AE1F9A-126A-11D0-A14B-0800361B1103} - C:\WINDOWS\System32\dsuiext.dll
Directory Object Find - {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Property UI - {0D45D530-764B-11d0-A1CA-00AA00C16E65} - C:\WINDOWS\System32\dsuiext.dll
Directory Query UI - {8A23E65E-31C2-11d0-891C-00A024AB2DBB} - C:\WINDOWS\System32\dsquery.dll
Directory Start/Search Find - {F020E586-5264-11d1-A532-0000F8757D7E} - C:\WINDOWS\System32\dsquery.dll
Disk Copy Extension - {59099400-57FF-11CE-BD94-0020AF85B590} - diskcopy.dll
Disk Quota UI - {7988B573-EC89-11cf-9C00-00AA00A14F56} - dskquoui.dll
Display Adapter CPL Extension - {42071712-76d4-11d1-8b24-00a0c9068ff3} - deskadp.dll
Display Monitor CPL Extension - {42071713-76d4-11d1-8b24-00a0c9068ff3} - deskmon.dll
Display Panning CPL Extension - {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll
Display TroubleShoot CPL Extension - {f92e8c40-3d33-11d2-b1aa-080036a75b03} - deskperf.dll
Download Status - {22BF0C20-6DA7-11D0-B373-00A0C9034938} - C:\WINDOWS\System32\browseui.dll
DS Security Page - {4E40F770-369C-11d0-8922-00A024AB2DBB} - dssec.dll
E-mail - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Encryption Context Menu - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} -
Explorer Band - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - C:\WINDOWS\System32\extmgr.dll
Favorites Band - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
Fonts - {BD84B380-8CA2-1069-AB1D-08000948F534} - fontext.dll
Fonts - {D20EA4E1-3957-11d2-A40B-0C5020524152} - C:\WINDOWS\system32\shdocvw.dll
For &People... - {32714800-2E5F-11d0-8B85-00AA0044F941} - C:\Program Files\Outlook Express\wabfind.dll
FTP Folders Webview - {63da6ec0-2e98-11cf-8d82-444553540000} - C:\WINDOWS\System32\msieftp.dll
Fusion Cache - {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll
GDI+ file thumbnail extractor - {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\system32\shimgvw.dll
Get a Passport Wizard - {58f1f272-9240-4f51-b6d4-fd63d1618591} - C:\WINDOWS\System32\netplwiz.dll

Edited by twism7, 28 April 2006 - 11:50 AM.



#17
twism7

Startuplist continued

Global Folder Settings - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} - C:\WINDOWS\System32\browseui.dll
Help and Support - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Help and Support - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
History - {FF393560-C2A7-11CF-BFF4-444553540000} - C:\WINDOWS\System32\shdocvw.dll
HTML Thumbnail Extractor - {EAB841A0-9550-11cf-8C16-00805F1408F3} - C:\WINDOWS\system32\shimgvw.dll
HyperTerminal Icon Ext - {88895560-9AA2-1069-930E-00AA0030EBC8} - C:\WINDOWS\System32\hticons.dll
ICC Profile - {DBCE2480-C732-101B-BE72-BA78E9AD5B27} - C:\WINDOWS\system32\icmui.dll
ICM Monitor Management - {5DB2625A-54DF-11D0-B6C4-0800091AA605} - C:\WINDOWS\System32\icmui.dll
ICM Printer Management - {675F097E-4C4D-11D0-B6C1-0800091AA605} - C:\WINDOWS\system32\icmui.dll
ICM Scanner Management - {176d6597-26d3-11d1-b350-080036a75b03} - icmui.dll
IE4 Suite Splash Screen - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\shdocvw.dll
In-pane search - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} - C:\WINDOWS\System32\browseui.dll
Installed Apps Enumerator - {0B124F8F-91F0-11D1-B8B5-006008059382} - C:\WINDOWS\System32\appwiz.cpl
Internet - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Internet Name Space - {871C5380-42A0-1069-A2EA-08002B30309D} - C:\WINDOWS\System32\shdocvw.dll
InternetShortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
ISFBand OC - {131A6951-7F78-11D0-A979-00C04FD705A2} - C:\WINDOWS\System32\shdocvw.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - C:\Program Files\iTunes\iTunesMiniPlayer.dll
Media Band - {32683183-48a0-441b-a342-7c2a440a9478} -
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\agentpsh.dll
Microsoft AutoComplete - {00BB2763-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Browser Architecture - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} - C:\WINDOWS\System32\shdocvw.dll
Microsoft BrowserBand - {7BA4C742-9E81-11CF-99D3-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Data Link - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Microsoft DocProp Inplace Calendar Control - {6A205B57-2567-4A2C-B881-F787FAB579A3} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Droplist Combo Control - {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Edit Box Control - {A9CF0EAE-901A-4739-A481-E35B73E47F6D} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace ML Edit Box Control - {8EE97210-FD1F-4B19-91DA-67914005F020} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Inplace Time Control - {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} - C:\WINDOWS\System32\docprop2.dll
Microsoft DocProp Shell Ext - {883373C3-BF89-11D1-BE35-080036B11A03} - C:\WINDOWS\System32\docprop2.dll
Microsoft History AutoComplete List - {00BB2764-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Internet Toolbar - {5E6AB780-7743-11CF-A12B-00AA004AE837} - C:\WINDOWS\System32\browseui.dll
Microsoft Multiple AutoComplete List Container - {00BB2765-6A77-11D0-A535-00C04FD7D062} - C:\WINDOWS\System32\browseui.dll
Microsoft Office HTML Icon Handler - {42042206-2D85-11D3-8CFF-005004838597} - C:\Program Files\Microsoft Office\Office10\msohev.dll
Microsoft Outlook Custom Icon Handler - {0006F045-0000-0000-C000-000000000046} - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
Microsoft Shell Folder AutoComplete List - {03C036F1-A186-11D0-824A-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Microsoft Url History Service - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} - C:\WINDOWS\System32\shdocvw.dll
Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll
Midi Properties Handler - {A6FD9E45-6E44-43f9-8644-08598F5A74D9} - C:\WINDOWS\System32\shmedia.dll
MMC Icon Handler - {7A80E4A8-8005-11D2-BCF8-00C04F72C717} - C:\WINDOWS\System32\mmcshext.dll
MRU AutoComplete List - {6756A641-DE71-11d0-831B-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - mmsys.cpl
MyDocs Copy Hook - {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Drop Target - {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\System32\mydocs.dll
MyDocs Properties - {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\System32\mydocs.dll
Network Connections - {7007ACC7-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992CFFA0-F557-101A-88EC-00DD010CCC48} - C:\WINDOWS\system32\NETSHELL.dll
NTFS Security Page - {1F2E5C40-9550-11CE-99D2-00AA006E086C} - rshx32.dll
Offline Files Folder - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} - C:\WINDOWS\System32\cscui.dll
Offline Files Folder Options - {10CFC467-4392-11d2-8DB4-00C04FA31A66} - C:\WINDOWS\System32\cscui.dll
Offline Files Menu - {750fdf0e-2a26-11d1-a3ea-080036587f03} - C:\WINDOWS\System32\cscui.dll
OLE Docfile Property Page - {3EA48300-8CF6-101B-84FB-666CCB9BCD32} - docprop.dll
PlusPack CPL Extension - {41E300E0-78B6-11ce-849B-444553540000} - C:\WINDOWS\System32\themeui.dll
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\system32\Audiodev.dll
Portable Media Devices Menu - {cc86590a-b60a-48e6-996b-41d25ed39a1e} - C:\WINDOWS\system32\Audiodev.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - C:\WINDOWS\System32\webcheck.dll
Previous Versions - {9DB7A13C-F208-4981-8353-73CC61AE2783} - C:\WINDOWS\System32\twext.dll
Previous Versions Property Page - {596AB062-B4D2-4215-9F74-E9109B0A8153} - C:\WINDOWS\System32\twext.dll
Print Ordering via the Web - {add36aa8-751a-4579-a266-d66f5202ccbb} - C:\WINDOWS\System32\netplwiz.dll
Printers Security Page - {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} - rshx32.dll
Registry Tree Options Utility - {AF4F6510-F982-11d0-8595-00AA004CD6D8} - C:\WINDOWS\System32\browseui.dll
Remote Sessions CPL Extension - {F0152790-D56E-4445-850E-4F3117DB740C} - C:\WINDOWS\System32\remotepg.dll
Run... - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Scanners & Cameras - {3F953603-1008-4f6e-A73A-04AAC7A992F1} - wiashext.dll
Scanners & Cameras - {83bbcbf3-b28a-4919-a5aa-73027445d672} - wiashext.dll
Scanners & Cameras - {905667aa-acd6-11d2-8080-00805f6596d2} - wiashext.dll
Scanners & Cameras - {E211B736-43FD-11D1-9EFB-0000F8757FCD} - wiashext.dll
Scanners & Cameras - {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} - wiashext.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Search - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Search Assistant OC - {9461b922-3c5a-11d2-bf8b-00c04fb93661} - C:\WINDOWS\System32\shdocvw.dll
Search Band - {30D02401-6A81-11d0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
Sendmail service - {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Sendmail service - {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} - C:\WINDOWS\System32\sendmail.dll
Set Program Access and Defaults - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - C:\WINDOWS\system32\shdocvw.dll
Shell Application Manager - {352EC2B7-8B9A-11D1-B8AE-006008059382} - C:\WINDOWS\System32\appwiz.cpl
Shell Automation Inproc Service - {0A89A860-D7B1-11CE-8350-444553540000} - C:\WINDOWS\System32\shdocvw.dll
Shell Band Site Menu - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBar - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell DeskBarApp - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} - C:\WINDOWS\System32\browseui.dll
Shell DocObject Viewer - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} - C:\WINDOWS\System32\shdocvw.dll
Shell extensions for file compression - {764BF0E1-F219-11ce-972D-00AA00A14F56} -
Shell extensions for Microsoft Windows Network objects - {59be4990-f85c-11ce-aff7-00aa003ca9f6} - ntlanui2.dll
Shell Extensions for RealOne Player - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} -
Shell extensions for sharing - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} - ntshrui.dll
Shell extensions for sharing - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} - ntshrui.dll
Shell extensions for Windows Script Host - {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\System32\wshext.dll
Shell Image Data Factory - {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Property Handler - {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} - C:\WINDOWS\system32\shimgvw.dll
Shell Image Verbs - {e84fda7c-1d6a-45f6-b725-cb260c236066} - C:\WINDOWS\system32\shimgvw.dll
Shell properties for a DS object - {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} - C:\WINDOWS\System32\dsquery.dll
Shell Publishing Wizard Object - {6b33163c-76a5-4b6c-bf21-45de9cd503a1} - C:\WINDOWS\System32\netplwiz.dll
Shell Rebar BandSite - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - shscrap.dll
Shell Search Band - {21569614-B795-46b1-85F4-E737A8DC09AD} - C:\WINDOWS\system32\browseui.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - C:\WINDOWS\System32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - C:\WINDOWS\System32\webcheck.dll
Summary Info Thumbnail handler (DOCFILES) - {9DBD2C50-62AD-11d0-B806-00C04FD706EC} - C:\WINDOWS\system32\shimgvw.dll
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} -
Tasks Folder Icon Handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Tasks Folder Shell Extension - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - C:\WINDOWS\System32\mstask.dll
Temporary Internet Files - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\System32\shdocvw.dll
Temporary Internet Files - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} - C:\WINDOWS\System32\shdocvw.dll
The Internet - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} - C:\WINDOWS\System32\shdocvw.dll
Track Popup Bar - {acf35015-526e-4230-9596-becbe19f0ac9} - C:\WINDOWS\System32\browseui.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - C:\WINDOWS\System32\webcheck.dll
TridentImageExtractor - {7376D660-C583-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\browseui.dll
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} -
User Assist - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} - C:\WINDOWS\System32\browseui.dll
Video Media Properties Handler - {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} - C:\WINDOWS\System32\shmedia.dll
Video Thumbnail Extractor - {c5a40261-cd64-4ccf-84cb-c394da41d590} - C:\WINDOWS\System32\shmedia.dll
Wav Properties Handler - {E4B29F9D-D390-480b-92FD-7DDB47101D71} - C:\WINDOWS\System32\shmedia.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Web Printer Shell Extension - {77597368-7b15-11d0-a0c2-080036af3f03} - printui.dll
Web Publishing Wizard - {CC6EEFFB-43F6-46c5-9619-51D571967F7D} - C:\WINDOWS\System32\netplwiz.dll
Web Search - {07798131-AF23-11d1-9111-00A0C98BA67D} - C:\WINDOWS\System32\browseui.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - C:\WINDOWS\System32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
Windows Media Player Add to Playlist Context Menu Handler - {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Burn Audio CD Context Menu Handler - {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\system32\wmpshell.dll
Windows Media Player Play as Playlist Context Menu Handler - {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\system32\wmpshell.dll
WinRAR shell extension - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll

[This user (1)]
Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

--------------------

Registry 'Run' keys:

[User Run]
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe

[System Run]
Alert = C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
Dell
DellTouch = C:\WINDOWS\MMKeybd.exe
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------

Protocols:

[Pluggable MIME filters (8)]
application/octet-stream = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\system32\mscoree.dll
application/x-complus = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\system32\mscoree.dll
application/x-msdownload = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} = C:\WINDOWS\system32\mscoree.dll
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} = C:\WINDOWS\system32\urlmon.dll
deflate = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
gzip = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
lzdhtml = {8f6b0360-b80d-11d0-a9b3-006097942311} = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml = {733AC4CB-F1A4-11d0-B951-00A0C90312E1} = C:\WINDOWS\system32\SHELL32.dll

[Protocol handlers (23)]
about = {3050F406-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
cdl = {3dd53d40-7b8b-11D0-b013-00aa0059ce02} = C:\WINDOWS\system32\urlmon.dll
cdo = {CD00020A-8B95-11D1-82DB-00C04FB1625D} = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd = {12D51199-0DB5-46FE-A120-47A3D7D937CC} = C:\WINDOWS\system32\msvidctl.dll
file = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ftp = {79eac9e3-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
gopher = {79eac9e4-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
http = {79eac9e2-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
https = {79eac9e5-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
javascript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
lid = {5C135180-9973-46D9-ABF4-148267CBB8BF} = C:\WINDOWS\System32\msvidctl.dll
local = {79eac9e7-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
mailto = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
mhtml = {05300401-BCBC-11d0-85E3-00C04FD85AB4} = C:\WINDOWS\System32\inetcomm.dll
mk = {79eac9e6-baf9-11ce-8c82-00aa004ba90b} = C:\WINDOWS\system32\urlmon.dll
ms-its = {9D148291-B9C8-11D0-A4CC-0000F80149F6} = C:\WINDOWS\System32\itss.dll
mso-offdap = {3D9F03FA-7A94-11D3-BE81-0050048385D1} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
res = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
sysimage = {76E67A63-06E9-11D2-A840-006008059382} = C:\WINDOWS\System32\mshtml.dll
tv = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} = C:\WINDOWS\system32\msvidctl.dll
vbscript = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} = C:\WINDOWS\System32\mshtml.dll
wia = {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} = C:\WINDOWS\System32\wiascr.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll

--------------------

ShellServiceObjectDelayLoad:

[All users (4)]
CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9} = C:\WINDOWS\system32\SHELL32.dll
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9} = C:\WINDOWS\system32\SHELL32.dll
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\System32\webcheck.dll

--------------------

SharedTaskScheduler (2):

Browseui preloader = {438755C2-A8BA-11D1-B96B-00A0C90312E1} = C:\WINDOWS\System32\browseui.dll
Component Categories cache daemon = {8C7461EF-2B13-11d2-BE35-3078302C2030} = C:\WINDOWS\System32\browseui.dll

--------------------

Winsock LSP:

[Protocols (14)]
MSAFD Tcpip [TCP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
RSVP UDP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
RSVP TCP Service Provider - {9D60A9E0-337A-11D0-BD88-0000C082E69A} - C:\WINDOWS\system32\rsvpsp.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{58EB4789-5B13-4F6F-9D6C-DB192BB12CA0}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{58EB4789-5B13-4F6F-9D6C-DB192BB12CA0}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7E811AD-8DF6-45D0-BB8E-471995BF42E4}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7E811AD-8DF6-45D0-BB8E-471995BF42E4}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90E60152-F01B-4071-B0AF-2376C540E0D6}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90E60152-F01B-4071-B0AF-2376C540E0D6}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E155F04-F7CD-444B-B52B-9ECD7ADDECA6}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E155F04-F7CD-444B-B52B-9ECD7ADDECA6}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A2D5085-1208-46E7-A54E-97A0DA5D714E}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A2D5085-1208-46E7-A54E-97A0DA5D714E}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll

[Namespace Providers (3)]
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.dellnet.com/
Default_Search_Url = http://www.microsoft...=ie&ar=iesearch
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft...=ie&ar=iesearch
Start Page = http://www.microsoft...B_PVER}&ar=home

- Internet Explorer\Desktop\General (2)
BackupWallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Wallpaper = %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.dellnet.com/
Default_Search_Url = http://www.microsoft...=ie&ar=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft...=ie&ar=iesearch
Start Page = http://www.dellnet.com/

- Internet Explorer\Search (2)
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
SearchAssistant = http://ie.search.msn...st/srchasst.htm

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
NavigationFailure = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
PostNotCached = res://mshtml.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (29)]
* 127.0.0.1 *
localhost
sds-qckads.com
status.qckads.com
www.qoolaid.com
www.qoologic.com
www.CLKPrecision.com
www.urllogic.com
www.clkoptimizer.com
www.isearch.com
isearch.com
www.idownload.com
idownload.com
www.mytotalsearch.com
mytotalsearch.com
www.lop.com
lop.com
www.websearch.com
websearch.com
www.page-not-found.net
page-not-found.net
www.isearchhere.com
isearchhere.com
as.adwave.com
sr.adwave.com
www.adwave.com
adwave.com EVENT:HOST:127.0.0.1
www.pacimedia.com
www.exactsearch.net
www.contextplus.net


[ActiveX killbits (111)]
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
(no name) - {0006f02a-0000-0000-c000-000000000046} - C:\PROGRA~1\MICROS~2\Office10\OUTLLIB.DLL
(no name) - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\WINDOWS\System32\devenum.dll
(no name) - {283807b8-2c60-11d0-a31d-00aa00b92c03} - C:\WINDOWS\System32\danim.dll
(no name) - {542FB453-5003-11CF-92A2-00AA00B8A733} - C:\WINDOWS\System32\danim.dll
(no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\WINDOWS\system32\CLBCatQ.DLL
(no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\WINDOWS\System32\clbcatex.dll
ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
ActiveXPlugin Object - {06DD38D3-D187-11CF-A80D-00C04FD74AD8} - C:\WINDOWS\System32\plugin.ocx
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll
Bln Proxy - {bc5f1e51-5110-11d1-aff5-006097c9a284} - C:\PROGRA~1\MICROS~2\Office10\BLNMGRPS.DLL
BlnMgr Class - {3f8a6c33-e0fd-11d0-8a8c-00a0c90c2bc5} - C:\Program Files\Microsoft Office\Office10\BLNMGR.DLL
BlnMgr Proxy - {F27CE930-4CA3-11D1-AFF2-006097C9A284} - C:\PROGRA~1\MICROS~2\Office10\BLNMGRPS.DLL
Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - syncui.dll
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll
cfw Class - {ecabafc0-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
CLSID_ApprenticeICW - {8ee42293-c315-11d0-8d6f-00a0c9a06e1f} - C:\WINDOWS\System32\inetcfg.dll
CLSID_CCommAcctImport - {1aa06ba1-0e88-11d1-8391-00c04fbd7c09} - C:\WINDOWS\System32\msoeacct.dll
CLSID_CDIDeviceActionConfigPage - {18ab439e-fcf4-40d4-90da-f79baa3b0655} - C:\WINDOWS\System32\diactfrm.dll
CommunicationManager - {67dcc487-aa48-11d1-8f4f-00c04fb611c7} - C:\WINDOWS\System32\msdtctm.dll
DiskManagement.Connection - {fd78d554-4c6e-11d0-970d-00a0c9191601} - C:\WINDOWS\System32\dmdskmgr.dll
Dutch_Dutch Stemmer - {860d28d0-8bf4-11ce-be59-00aa0051fe20} - infosoft.dll
English_UK Stemmer - {d99f7670-7f1a-11ce-be57-00aa0051fe20} - infosoft.dll
English_US Stemmer - {eeed4c20-7f1b-11ce-be57-00aa0051fe20} - infosoft.dll
French_French Stemmer - {2a6eb050-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\System32\msieftp.dll
German_German Stemmer - {510a4910-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\System32\h323msp.dll
Helper Object for Java - {8e26bfc1-afd6-11cf-bffc-00aa003cfdfc} - C:\WINDOWS\System32\vmhelper.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\WINDOWS\system32\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\System32\hhctrl.ocx
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll
ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\WINDOWS\system32\query.dll
InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\System32\asctrls.ocx
IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\System32\confmsp.dll
Italian_Italian Stemmer - {6d36ce10-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
JVIEW Profiler - {03D9F3F2-B0E3-11D2-B081-006008039BF0} - C:\WINDOWS\System32\javaprxy.dll
LM Runtime Control - {183C259A-0480-11d1-87EA-00C04FC29D46} - C:\WINDOWS\System32\LMRT.dll
Log Sink Class - {DE4735F3-7532-4895-93DC-9A10C4257173} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCORE.DLL
Marquee Control - {250770f3-6af2-11cf-a915-008029e31fcd} - C:\Program Files\Microsoft Office\Office10\HTML\HTMLMARQ.OCX
MarshalableTI Class - {466d66fa-9616-11d2-9342-0000f875ae17} - C:\WINDOWS\System32\msconf.dll
mbcontent Class - {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c} - C:\WINDOWS\System32\browsewm.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\System32\termmgr.dll
MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - C:\WINDOWS\msagent\agentctl.dll
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\WINDOWS\System32\shdocvw.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\System32\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Index Server Scope Administration Object - {3bc4f3a7-652a-11d1-b4d4-00c04fc2db8d} - C:\WINDOWS\system32\ciodm.dll
Microsoft MPEG-4 Video Decompressor Property page - {598eba02-b49a-11d2-a1c1-00609778ea66} - C:\WINDOWS\System32\mpg4ds32.ax
Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\System32\msadds32.ax
Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
Microsoft Office Free/Busy Registration - {f28d867a-ddb1-11d3-b8e8-00a0c981aeeb} - C:\PROGRA~1\MICROS~2\Office10\MSOSVFBR.DLL
Microsoft Rich Textbox Control 6.0 (SP6) - {3B7C8860-D78F-101B-B9B5-04021C009402} - C:\WINDOWS\system32\richtx32.ocx
Microsoft WBEM Event Subsystem - {5d08b586-343a-11d0-ad46-00c04fd8fdff} - C:\WINDOWS\System32\wbem\wbemess.dll
MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\WINDOWS\System32\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\System32\amstream.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\System32\wavemsp.dll
MTSEvents Class - {ecabb0ab-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Multimedia File Property Sheet - {00022613-0000-0000-c000-000000000046} - mmsys.cpl
Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Outlook Express Address Book - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll
Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office10\OUTLLIB.DLL
PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll
PSDispatch - {00020420-0000-0000-c000-000000000046} - C:\WINDOWS\system32\oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - C:\WINDOWS\system32\oleaut32.dll
PSOAInterface - {00020424-0000-0000-c000-000000000046} - C:\WINDOWS\system32\oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - C:\WINDOWS\system32\oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - C:\WINDOWS\system32\oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - C:\WINDOWS\system32\oleaut32.dll
Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Redirect - {42B07B28-2280-4937-B035-0293FB812781} - C:\WINDOWS\System32\dxtmsft.dll
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\System32\regwizc.dll
SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\System32\wiascr.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\System32\scrrun.dll
SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\System32\sdpblb.dll
Search Assistant Control - {47c6c527-6204-4f91-849d-66e234dee015} - c:\windows\srchasst\srchui.dll
ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll
Shortcut - {00021401-0000-0000-c000-000000000046} - shell32.dll
Spanish_Modern Stemmer - {b0516ff0-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
Start Menu - {4622ad11-ff23-11d0-8d34-00a0c90f2719} - C:\WINDOWS\system32\SHELL32.dll
Swedish_Default Stemmer - {9478f640-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\WINDOWS\System32\sysmon.ocx
SysTray - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\WINDOWS\System32\stobject.dll
SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\WINDOWS\System32\stobject.dll
TipGW Init - {F117831B-C052-11d1-B1C0-00C04FC2F3EF} - C:\WINDOWS\System32\msdtctm.dll
Trident HTMLEditor - {3050f4f5-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\System32\mshtmled.dll
VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\System32\qedit.dll
Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\System32\qedit.dll
Video Mixing Renderer 9 - {51b4abf3-748f-4e3b-a276-c828330e926a} - C:\WINDOWS\system32\quartz.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\System32\termmgr.dll
VideoPort Object - {ce292861-fc88-11d0-9e69-00c04fd7c15b} - C:\WINDOWS\System32\qdvd.dll
VMR Allocator Presenter 9 - {2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} - C:\WINDOWS\system32\quartz.dll
VMR ImageSync 9 - {e4979309-7a32-495e-8a92-7b014aad4961} - C:\WINDOWS\system32\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\WINDOWS\System32\devenum.dll
WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\System32\wbem\wbemdisp.dll
WDM Instance Provider - {d2d588b5-d081-11d0-99e0-00c04fc2f8ec} - C:\WINDOWS\System32\wbem\wmiprov.dll
WIA FileSystem USD - {d2923b86-15f1-46ff-a19a-de825f919576} - C:\WINDOWS\System32\fsusd.dll
WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\System32\camocx.dll
Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\System32\wmv8ds32.ax
WMI ADSI Extension - {f0975afe-5c7f-11d2-8b74-00104b2afb41} - C:\WINDOWS\System32\wbem\wbemads.dll
WMT Screen capture Filter - {31087270-d348-432c-899e-2d2f38ff29a0} - C:\Program Files\Movie Maker\wmm2filt.dll

[MSConfig XP (21)]
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
AIM = C:\Program Files\AIM95\aim.exe -cnetwait.odl
ATI DeviceDetect = C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
ATI Launchpad = "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
ATI Remote Control = C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
BCMSMMSG = BCMSMMSG.exe
DeadAIM = rundll32.exe "C:\Program Files\AIM95\DeadAIM.ocm",ExportedCheckODLs
DIGStream = C:\Program Files\DIGStream\digstream.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe"
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
Symantec NetDriver Monitor = C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
TraySantaCruz = C:\WINDOWS\SYSTEM32\tbctray.exe
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[Stopped/disabled NT Services]
* Stopped (41) *
Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe
Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service = C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Background Intelligent Transfer Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ Event System = C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ System Application = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = C:\WINDOWS\System32\msdtc.exe
Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service = C:\WINDOWS\System32\imapi.exe
Indexing Service = C:\WINDOWS\System32\cisvc.exe
InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Intel® NMS = C:\WINDOWS\System32\NMSSvc.exe
iPodService = C:\Program Files\iPod\bin\iPodService.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com
MS Software Shadow Copy Provider = C:\WINDOWS\System32\dllhost.exe /Processid:{422750EB-86AA-4173-8A7E-FEBADE226929}
Net Logon = C:\WINDOWS\System32\lsass.exe
NetMeeting Remote Desktop Sharing = C:\WINDOWS\System32\mnmsrvc.exe
Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = C:\WINDOWS\System32\lsass.exe
Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = C:\WINDOWS\System32\rsvp.exe
Remote Access Auto Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Access Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe
Remote Packet Capture Protocol v.0 (experimental) = "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
Remote Procedure Call (RPC) Locator = C:\WINDOWS\System32\locator.exe
Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = C:\WINDOWS\System32\SCardSvr.exe
SSDP Discovery Service = C:\WINDOWS\System32\svchost.exe -k LocalService
Symantec Network Drivers Service = C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch
Universal Plug and Play Device Host = C:\WINDOWS\System32\svchost.exe -k LocalService
Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe
Windows Installer = C:\WINDOWS\system32\msiexec.exe /V
WMI Performance Adapter = C:\WINDOWS\System32\wbem\wmiapsrv.exe

* Stopped & disabled (7) *
Alerter = C:\WINDOWS\System32\svchost.exe -k LocalService
ClipBook = C:\WINDOWS\system32\clipsrv.exe
Human Interface Device Access = C:\WINDOWS\System32\svchost.exe -k netsvcs
Messenger = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE = C:\WINDOWS\system32\netdde.exe
Network DDE DSDM = C:\WINDOWS\system32\netdde.exe
Routing and Remote Access = C:\WINDOWS\System32\svchost.exe -k netsvcs


[Windows XP Security]
* Security Center *
- This user
FirstRun = dword: 1

- All users
AntiVirusDisableNotify = dword: 0
FirewallDisableNotify = dword: 0
UpdatesDisableNotify = dword: 0
AntiVirusOverride = dword: 0
FirewallOverride = dword: 0

* System Restore *
- All users
DisableSR = dword: 0
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[Startup]
DESKTOP.INI

[User Startup]
DESKTOP.INI
PowerChute.lnk

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) *
NoDriveTypeAutoRun = dword: 145
CDRAutoRun = dword: 0


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (3) *
Default_Page_Url = http://www.dellnet.com/
First Home Page = http://www.dellnet.com/
Start Page = http://www.dellnet.com/



==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
DESKTOP.INI
PowerChute.lnk

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
DESKTOP.INI
PowerChute.lnk

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145



==================================================
= Other users on this computer: S-1-5-21-2424629274-963918322-4271176276-1003 =
==================================================
--------------------

Autostart folders:

[Startup]
DESKTOP.INI

[User Startup]
DESKTOP.INI
PowerChute.lnk

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Internet Explorer menu extensions (1):

E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

--------------------

URL search hooks (1):

Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll

--------------------

Approved Shell Extensions (1):

Web Folders - {BDEADF00-C265-11d0-BCED-00A0C90AB50F} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

--------------------

Registry 'Run' keys:

[User Run]
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (5) *
Default_Page_Url = http://www.dellnet.com/
First Home Page = http://www.dellnet.com/
Local Page = C:\WINDOWS\System32\blank.htm
Search Page = http://www.microsoft...=ie&ar=iesearch
Start Page = http://www.dellnet.com/

* Internet Explorer\Desktop\General (2) *
BackupWallpaper = C:\WINDOWS\web\wallpaper\Bliss.bmp
Wallpaper = C:\WINDOWS\web\wallpaper\Bliss.bmp



==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[Startup]
DESKTOP.INI

[User Startup]
DESKTOP.INI
PowerChute.lnk

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (2) *
NoDriveTypeAutoRun = dword: 145
CDRAutoRun = dword: 0


--------------------

Hijack points:

[Internet Explorer URLs]
* Internet Explorer\Main (3) *
Default_Page_Url = http://www.dellnet.com/
First Home Page = http://www.dellnet.com/
Start Page = http://www.dellnet.com/



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (40)]
APC UPS Service = C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
ATI Smart = C:\WINDOWS\SYSTEM32\ati2sgag.exe
Automatic Updates = C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
IPSEC Services = C:\WINDOWS\System32\lsass.exe
Norton AntiVirus Auto Protect Service = C:\Program Files\Norton AntiVirus\navapsvc.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
ScriptBlocking Service = C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Image Acquisition (WIA) = C:\WINDOWS\System32\svchost.exe -k imgsvc
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs

[VxD Services (1)]
JAVASUP = JAVASUP.VXD

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
SYMTDI
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Storage volumes *
- Upper filters
VolSnap.sys



[Device filters]
* BCM V.92 56K Voicemodem *
- Lower filters
BCMModem.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* Communications Port *
- Upper filters
serenum.sys

* Communications Port *
- Upper filters
serenum.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Intel® 82820 Processor to AGP Controller *
- Upper filters
AGP440.sys

* Intel® 82850/82860 Processor to AGP Controller - 2532 *
- Upper filters
AGP440.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Sony DSC *
- Lower filters
SONYPVU1.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (5):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


--------------------------------------------------
End of report, 135,034 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit


WinPFind.txt
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Edited by twism7, 28 April 2006 - 11:55 AM.

#18
twism7

    Member

  • Topic Starter
  • 18 posts
WinPFind.txt continued

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 4/11/2006 2:07:58 AM 467968 C:\visfx500.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 9/1/2004 10:49:56 AM 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
PEC2 8/18/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
FSG! 12/10/2003 4:36:10 PM 236544 C:\WINDOWS\SYSTEM32\divxdec.ax
Umonitor 7/7/1998 1:01:02 AM 324096 C:\WINDOWS\SYSTEM32\ipebase11.dll
PTech 7/12/2005 7:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 4/6/2006 3:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 3:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/28/2006 1:26:26 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
4/26/2006 4:44:56 PM H 54156 C:\WINDOWS\QTFont.qfn
4/27/2006 9:58:14 PM H 0 C:\WINDOWS\LastGood\INF\oem35.inf
4/27/2006 9:58:14 PM H 0 C:\WINDOWS\LastGood\INF\oem35.PNF
3/22/2006 7:17:30 PM S 14054 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 2:15:38 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/13/2006 4:45:34 PM S 7898 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
3/17/2006 5:24:26 AM S 12455 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 6:03:56 AM S 22339 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/28/2006 1:26:14 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
4/28/2006 1:26:42 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
4/28/2006 1:26:28 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
4/28/2006 1:26:44 PM H 73728 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
4/28/2006 1:26:32 PM H 1200128 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
4/19/2006 3:33:52 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
4/26/2006 4:15:10 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\aa3772cd-5801-4636-aa4d-d97d7fcf69af
4/26/2006 4:15:10 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
4/28/2006 1:25:28 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 4/13/2005 4:48:52 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel Corporation 4/9/2002 1:05:28 PM 774144 C:\WINDOWS\SYSTEM32\PROSetp.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Voyetra Turtle Beach, Inc. 4/3/2002 4:47:48 PM 155648 C:\WINDOWS\SYSTEM32\tbccpnl.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/31/2001 11:50:56 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/31/2001 11:40:22 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
2/3/2006 7:31:08 PM 219 C:\Documents and Settings\All Users\Application Data\G-Force Prefs (iTunes).txt
7/17/2004 6:22:16 PM 221 C:\Documents and Settings\All Users\Application Data\G-Force Prefs (Winamp).txt
4/5/2006 1:08:16 AM 1359 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/31/2001 11:50:56 AM HS 84 C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\DESKTOP.INI
1/26/2004 2:56:06 AM 807 C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\PowerChute.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/31/2001 11:40:22 AM HS 62 C:\Documents and Settings\John Litscher\Application Data\DESKTOP.INI

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRA~1\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}
MoneySide = C:\Program Files\Microsoft Money\System\mnyviewer.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NAV Agent C:\PROGRA~1\NORTON~1\navapw32.exe
DellTouch C:\WINDOWS\MMKeybd.exe
Dell|Alert C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^John Litscher^Start Menu^Programs^Startup^PowerReg Scheduler.exe
path C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
location Startup
command C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\PowerReg Scheduler.exe
item PowerReg Scheduler
path C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
location Startup
command C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\PowerReg Scheduler.exe
item PowerReg Scheduler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^John Litscher^Start Menu^Programs^Startup^Webshots.lnk
path C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\Webshots.lnk
backup C:\WINDOWS\pss\Webshots.lnkStartup
location Startup
command C:\PROGRA~1\Webshots\WEBSHO~1.EXE
item Webshots
path C:\Documents and Settings\John Litscher\Start Menu\Programs\Startup\Webshots.lnk
backup C:\WINDOWS\pss\Webshots.lnkStartup
location Startup
command C:\PROGRA~1\Webshots\WEBSHO~1.EXE
item Webshots

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI DeviceDetect
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ATIDtct
hkey HKCU
command C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ATIDtct
hkey HKCU
command C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI Launchpad
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LaunchPd
hkey HKCU
command "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LaunchPd
hkey HKCU
command "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATI Remote Control
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ATIRW
hkey HKCU
command C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ATIRW
hkey HKCU
command C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATICCC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cli
hkey HKLM
command "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cli
hkey HKLM
command "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIModeChange
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ati2mdxx
hkey HKLM
command Ati2mdxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ati2mdxx
hkey HKLM
command Ati2mdxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCMSMMSG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BCMSMMSG
hkey HKLM
command BCMSMMSG.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BCMSMMSG
hkey HKLM
command BCMSMMSG.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeadAIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DeadAIM
hkey HKLM
command rundll32.exe "C:\Program Files\AIM95\DeadAIM.ocm",ExportedCheckODLs
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DeadAIM
hkey HKLM
command rundll32.exe "C:\Program Files\AIM95\DeadAIM.ocm",ExportedCheckODLs
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIGStream
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item digstream
hkey HKLM
command C:\Program Files\DIGStream\digstream.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item digstream
hkey HKLM
command C:\Program Files\DIGStream\digstream.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyStartUp10.0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Activation
hkey HKLM
command "C:\Program Files\Microsoft Money\System\Activation.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Activation
hkey HKLM
command "C:\Program Files\Microsoft Money\System\Activation.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKCU
command C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKCU
command C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TraySantaCruz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tbctray
hkey HKLM
command C:\WINDOWS\SYSTEM32\tbctray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tbctray
hkey HKLM
command C:\WINDOWS\SYSTEM32\tbctray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/28/2006 1:35:25 PM

#19
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello, twism7.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#20
twism7

    Member

  • Topic Starter
  • Member
  • 18 posts
Hello RiP ChAiN,

Thank you again for your quick response. Below is my ActiveScan report. Thanks for your time.

-John



Incident Status Location

Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/comet Not disinfected c:\windows\downloaded program files\dm.inf
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\John Litscher\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected c:\windows\teller2.chk
Adware:adware/maxifiles Not disinfected c:\program files\common files\Windows
Adware:adware/dyfuca Not disinfected c:\program files\Internet Optimizer
Adware:adware/webhancer Not disinfected c:\program files\whInstall
Adware:adware/deskwizz Not disinfected Windows Registry
Spyware:spyware/new.net Not disinfected Windows Registry
Virus:W32/Gaobot.MJA.worm Disinfected C:\!KillBox\b.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\!KillBox\csrrs.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\!KillBox\Hot.exe
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall4_50.exe
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall6_38.exe
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall7_22.exe
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NNSCAA638.EXE
Adware:Adware/ConsumerAlertSystem Not disinfected C:\!KillBox\offun.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\!KillBox\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\!KillBox\pf78.exe[SYSC00.exe]
Adware:Adware/Dyfuca Not disinfected C:\!KillBox\pf79.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\!KillBox\SS1001.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Litscher\Cookies\john [email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Litscher\Cookies\john [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John Litscher\Cookies\john [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@fastclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@serving-sys[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\John Litscher\Cookies\john [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Litscher\Cookies\john [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John Litscher\Cookies\john litscher@zedo[2].txt
Possible Virus. Not disinfected C:\Documents and Settings\John Litscher\Desktop\ATF-Cleaner.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\John Litscher\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\John Litscher\Desktop\l2mfix.exe[l2mfix/Process.exe]
Virus:Bck/IRCBot.WJ Disinfected C:\iexplore.exe
Virus:W32/Gaobot.MJA.worm Disinfected C:\Program Files\Hijackthis\backups\backup-20060414-142534-418-svchost.exe
Virus:Bck/IRCBot.WJ Disinfected C:\Setup.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Sm9obiBMaXRzY2hlcg\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Sm9obiBMaXRzY2hlcg\command.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Sm9obiBMaXRzY2hlcg\mA6Cv21gurlWsZ15w0.vbs
Virus:Trj/Downloader.INO Disinfected C:\WINDOWS\SYSTEM32\OLD4.tmp
Virus:Bck/IRCBot.WJ Disinfected C:\WINDOWS\SYSTEM32\rar.exe

Edited by twism7, 29 April 2006 - 12:49 AM.

  • 0

#21
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello, twism7.

Please delete the following folders:

c:\program files\common files\Windows
c:\program files\Internet Optimizer
c:\program files\whInstall
C:\WINDOWS\Sm9obiBMaXRzY2hlcg

Please download the Killbox by Option^Explicit. ( Save it to your desktop. )

Note: In the event you already have Killbox, this is a new version that I need you to download.

Run Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\atmtd.dll
    c:\windows\downloadedprogramfiles\dm.inf
    C:\Documents and Settings\John Litscher\Local Settings\Temporary Internet Files\Ssk.log
    c:\windows\teller2.chk
    C:\Setup.exe
    C:\WINDOWS\SYSTEM32\OLD4.tmp
    C:\WINDOWS\SYSTEM32\rar.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Reboot into Normal Mode.

Please include a fresh HijackThis log and an update on how your computer is running.
  • 0
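One way to sort a report in the "Incident Status Location" layout shown above into what is already cleaned, what sits in tool backup folders, and what still needs attention (an added example, not from the thread or from Panda). The sample lines are constructed with a placeholder user name, and treating C:\!KillBox and the HijackThis backups folder as tool backup locations is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the "Incident Status Location" layout (placeholder user name).
SAMPLE_REPORT = r"""
Incident Status Location

Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/deskwizz Not disinfected Windows Registry
Virus:W32/Gaobot.MJA.worm Disinfected C:\!KillBox\b.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\!KillBox\pf78.exe[pms111x.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Possible Virus. Not disinfected C:\Documents and Settings\User\Desktop\ATF-Cleaner.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\l2mfix\Process.exe
Virus:Bck/IRCBot.WJ Disinfected C:\Setup.exe
Adware:adware/dyfuca Not disinfected c:\program files\Internet Optimizer
"""

# The status is the only fixed token on a line, so it anchors the split:
# incident names and locations can both contain spaces.
LINE_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)

# Assumption: these folders hold copies set aside by removal tools, not live files.
TOOL_BACKUP_DIRS = ("c:\\!killbox\\", "c:\\program files\\hijackthis\\backups\\")


def parse_report(text):
    """Return one dict per finding: incident, status, path, member."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # column header, blank line, or other non-finding text
        location = m.group("location").strip()
        path, member = location, None
        # "outer.exe[inner.exe]" marks a detection inside a container file.
        # Cookie names like "user@site[2].txt" also have brackets, but not at the end.
        if location.endswith("]") and "[" in location:
            path, _, inner = location.rpartition("[")
            member = inner[:-1]
        rows.append({
            "incident": m.group("incident"),
            "status": m.group("status"),
            "path": path,
            "member": member,
        })
    return rows


def classify(row):
    """Assign a finding to a triage bucket; the first matching rule wins."""
    path = row["path"].lower()
    incident = row["incident"].lower()
    if row["status"] == "Disinfected":
        return "cleaned"          # the scanner already handled it
    if path.startswith(TOOL_BACKUP_DIRS):
        return "tool-backup"      # inert copy kept by a removal tool
    if "cookie/" in incident:
        return "cookie"           # tracking cookie, cleared with browser data
    if path == "windows registry":
        return "registry"         # no file path given, needs a registry-aware tool
    if incident.startswith(("possible virus", "potentially unwanted tool")):
        return "review"           # heuristic or dual-use flag, check before deleting
    return "remove"               # live file or folder still on disk


def triage(text):
    """Group unique paths by bucket, keeping report order."""
    buckets = defaultdict(list)
    for row in parse_report(text):
        bucket = classify(row)
        if row["path"] not in buckets[bucket]:
            buckets[bucket].append(row["path"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(f"[{bucket}]")
        for p in paths:
            print("   ", p)
```

The "review" bucket matters in a thread like this one, because cleanup utilities the helper asked the user to run can themselves be flagged by a scanner.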

#22
twism7

    Member

  • Topic Starter
  • Member
  • 18 posts
Hello RiP ChAiN,

Thank you again for your quick response. Below is my new HjT log. Thanks for your time.

-John

I could not find C:WINDOWS\Sm9obiBMaXRzYhlcg.
I did not receive a PendingFileRenameOperations prompt.


An update on how your computer is running.
The original Tagasaurus is still on my desktop, as well as a link to Titan Poker. When I put the mouse over the icon, it displays:
http://www.clicklinkc.net/icon.php?...
There are some strange things in my C: such as visfx500 as well as some *.$$$ files.

Logfile of HijackThis v1.99.1
Scan saved at 2:56:46 AM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\SYSTEM32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: PowerChute.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\PowerChute.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.log...n/bin/imvid.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Edited by twism7, 29 April 2006 - 01:07 AM.

  • 0

#23
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello, twism7.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#25
twism7

    Member

  • Topic Starter
  • Member
  • 18 posts
Hello RiP ChAiN,

Thank you again for your quick response. Below is my session log. Thanks for your time.

-John

********
3:16 AM: | Start of Session, Saturday, April 29, 2006 |
3:16 AM: Spy Sweeper started
3:16 AM: Sweep initiated using definitions version 668
3:16 AM: Starting Memory Sweep
3:18 AM: Memory Sweep Complete, Elapsed Time: 00:02:15
3:18 AM: Starting Registry Sweep
3:18 AM: Found Adware: comet cursor
3:18 AM: HKCR\clsid\{f59c663d-e891-492c-86e3-0758c71885c2}\ (11 subtraces) (ID = 106359)
3:18 AM: HKCR\cssecurity.htmlsecurity.1\ (3 subtraces) (ID = 106426)
3:18 AM: HKCR\cssecurity.htmlsecurity\ (5 subtraces) (ID = 106427)
3:18 AM: HKCR\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ (8 subtraces) (ID = 106503)
3:18 AM: HKLM\software\classes\clsid\{f59c663d-e891-492c-86e3-0758c71885c2}\ (11 subtraces) (ID = 106577)
3:18 AM: HKLM\software\classes\cssecurity.htmlsecurity\ (5 subtraces) (ID = 106610)
3:18 AM: HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ (8 subtraces) (ID = 106680)
3:18 AM: HKLM\software\classes\typelib\{844c39ec-7ea4-4f11-bce6-28404fd768e3}\ (9 subtraces) (ID = 106706)
3:18 AM: HKCR\typelib\{844c39ec-7ea4-4f11-bce6-28404fd768e3}\ (9 subtraces) (ID = 106757)
3:18 AM: Found Adware: internetoptimizer
3:18 AM: HKCR\clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}\ (11 subtraces) (ID = 128881)
3:18 AM: HKLM\software\classes\clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}\ (11 subtraces) (ID = 128892)
3:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\kapabout\ (2 subtraces) (ID = 128924)
3:18 AM: HKLM\software\policies\avenue media\ (ID = 128929)
3:18 AM: Found Adware: surfsidekick
3:18 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
3:18 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
3:18 AM: Found Adware: clkoptimizer
3:18 AM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
3:18 AM: HKLM\software\qstat\ || brr (ID = 877670)
3:18 AM: Found Adware: command
3:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
3:18 AM: Found Adware: dollarrevenue
3:18 AM: HKLM\software\policies\ || {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (ID = 916803)
3:18 AM: Found Adware: enbrowser
3:18 AM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
3:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
3:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
3:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
3:18 AM: HKLM\software\policies\ || {6bf52a52-394a-11d3-b153-00c04f79faa6} (ID = 967836)
3:18 AM: HKLM\software\policies\ || {645ff040-5081-101b-9f08-00aa002f954e} (ID = 1036890)
3:18 AM: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137)
3:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
3:18 AM: HKCR\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212644)
3:18 AM: HKLM\software\classes\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212651)
3:18 AM: HKU\S-1-5-21-2424629274-963918322-4271176276-1006\software\avenue media\ (ID = 128887)
3:18 AM: HKU\S-1-5-21-2424629274-963918322-4271176276-1006\software\policies\avenue media\ (ID = 128928)
3:18 AM: HKU\S-1-5-21-2424629274-963918322-4271176276-1006\software\surfsidekick3\ (3 subtraces) (ID = 143412)
3:18 AM: Found Adware: findthewebsiteyouneed hijack
3:18 AM: HKU\S-1-5-21-2424629274-963918322-4271176276-1006\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
3:18 AM: HKU\S-1-5-21-2424629274-963918322-4271176276-1006\software\system\sysuid\ (1 subtraces) (ID = 731748)
3:18 AM: Found Adware: maxifiles
3:18 AM: HKU\S-1-5-21-2424629274-963918322-4271176276-1006\software\director\ || baseurl (ID = 980277)
3:18 AM: HKU\S-1-5-21-2424629274-963918322-4271176276-1006\software\xbtb04715\ (1 subtraces) (ID = 1156401)
3:18 AM: Registry Sweep Complete, Elapsed Time:00:00:15
3:18 AM: Starting Cookie Sweep
3:18 AM: Found Spy Cookie: 2o7.net cookie
3:18 AM: john litscher@2o7[1].txt (ID = 1957)
3:18 AM: Found Spy Cookie: yieldmanager cookie
3:18 AM: john [email protected][1].txt (ID = 3751)
3:18 AM: Found Spy Cookie: adknowledge cookie
3:18 AM: john litscher@adknowledge[2].txt (ID = 2072)
3:18 AM: Found Spy Cookie: specificclick.com cookie
3:18 AM: john [email protected][1].txt (ID = 3400)
3:18 AM: Found Spy Cookie: addynamix cookie
3:18 AM: john [email protected][1].txt (ID = 2062)
3:18 AM: Found Spy Cookie: pointroll cookie
3:18 AM: john [email protected][2].txt (ID = 3148)
3:18 AM: Found Spy Cookie: advertising cookie
3:18 AM: john litscher@advertising[2].txt (ID = 2175)
3:18 AM: Found Spy Cookie: tacoda cookie
3:18 AM: john [email protected][1].txt (ID = 6445)
3:18 AM: Found Spy Cookie: falkag cookie
3:18 AM: john [email protected][1].txt (ID = 2650)
3:18 AM: Found Spy Cookie: ask cookie
3:18 AM: john litscher@ask[1].txt (ID = 2245)
3:18 AM: Found Spy Cookie: atlas dmt cookie
3:18 AM: john litscher@atdmt[2].txt (ID = 2253)
3:18 AM: Found Spy Cookie: atwola cookie
3:18 AM: john litscher@atwola[1].txt (ID = 2255)
3:18 AM: Found Spy Cookie: burstnet cookie
3:18 AM: john litscher@burstnet[1].txt (ID = 2336)
3:18 AM: Found Spy Cookie: casalemedia cookie
3:19 AM: john litscher@casalemedia[2].txt (ID = 2354)
3:19 AM: Found Spy Cookie: ru4 cookie
3:19 AM: john [email protected][2].txt (ID = 3269)
3:19 AM: Found Spy Cookie: fastclick cookie
3:19 AM: john litscher@fastclick[1].txt (ID = 2651)
3:19 AM: Found Spy Cookie: maxserving cookie
3:19 AM: john litscher@maxserving[2].txt (ID = 2966)
3:19 AM: Found Spy Cookie: mediaplex cookie
3:19 AM: john litscher@mediaplex[2].txt (ID = 6442)
3:19 AM: john [email protected][1].txt (ID = 1958)
3:19 AM: Found Spy Cookie: nextag cookie
3:19 AM: john litscher@nextag[2].txt (ID = 5014)
3:19 AM: Found Spy Cookie: questionmarket cookie
3:19 AM: john litscher@questionmarket[2].txt (ID = 3217)
3:19 AM: Found Spy Cookie: realmedia cookie
3:19 AM: john litscher@realmedia[2].txt (ID = 3235)
3:19 AM: john [email protected][2].txt (ID = 2650)
3:19 AM: Found Spy Cookie: serving-sys cookie
3:19 AM: john litscher@serving-sys[1].txt (ID = 3343)
3:19 AM: Found Spy Cookie: onestat.com cookie
3:19 AM: john [email protected][2].txt (ID = 3098)
3:19 AM: john litscher@tacoda[2].txt (ID = 6444)
3:19 AM: Found Spy Cookie: tribalfusion cookie
3:19 AM: john litscher@tribalfusion[2].txt (ID = 3589)
3:19 AM: Found Spy Cookie: coremetrics cookie
3:19 AM: john [email protected][1].txt (ID = 2472)
3:19 AM: Found Spy Cookie: burstbeacon cookie
3:19 AM: john [email protected][2].txt (ID = 2335)
3:19 AM: Found Spy Cookie: zedo cookie
3:19 AM: john litscher@zedo[2].txt (ID = 3762)
3:19 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
3:19 AM: Starting File Sweep
3:19 AM: a0067523.dll (ID = 282452)
3:19 AM: unin101.exe (ID = 245111)
3:19 AM: Found Adware: targetsaver
3:19 AM: a0067526.dll (ID = 195129)
3:19 AM: a0067561.exe (ID = 244762)
3:19 AM: a0067545.exe (ID = 244277)
3:19 AM: a0067553.exe (ID = 193995)
3:20 AM: a0067543.exe (ID = 190798)
3:20 AM: Found Adware: webhancer
3:20 AM: a0067357.dll (ID = 267881)
3:20 AM: a0067803.dll (ID = 244763)
3:20 AM: Found Trojan Horse: rbot
3:20 AM: a0067926.exe (ID = 269648)
3:20 AM: a0067464.exe (ID = 193501)
3:20 AM: ss1001.exe (ID = 215896)
3:20 AM: Found Trojan Horse: trojan downloader matcash
3:20 AM: a0067541.exe (ID = 246327)
3:20 AM: a0067359.dll (ID = 267884)
3:21 AM: a0067546.exe (ID = 285560)
3:21 AM: a0067552.exe (ID = 185985)
3:21 AM: Found Adware: zenosearchassistant
3:21 AM: a0067558.exe (ID = 245938)
3:21 AM: a0067956.exe (ID = 214386)
3:21 AM: a0067563.exe (ID = 231443)
3:21 AM: a0067560.exe (ID = 293)
3:21 AM: a0067921.exe (ID = 269648)
3:21 AM: a0067952.exe (ID = 269649)
3:22 AM: a0068062.exe (ID = 269648)
3:22 AM: a0067557.exe (ID = 293)
3:22 AM: a0067902.exe (ID = 269648)
3:22 AM: Found Adware: purityscan
3:22 AM: a0067513.exe (ID = 271320)
3:22 AM: a0067914.exe (ID = 269648)
3:22 AM: a0067533.dll (ID = 268933)
3:22 AM: a0067555.exe (ID = 267157)
3:22 AM: a0067547.exe (ID = 282343)
3:22 AM: a0067542.exe (ID = 184143)
3:23 AM: a0067355.exe (ID = 271215)
3:23 AM: pf79.exe (ID = 214386)
3:23 AM: a0067939.exe (ID = 269648)
3:23 AM: a0067521.exe (ID = 269648)
3:23 AM: a0067525.exe (ID = 195128)
3:23 AM: a0067920.exe (ID = 269648)
3:23 AM: Found Adware: look2me
3:23 AM: a0067587.dll (ID = 159)
3:23 AM: a0067569.exe (ID = 269649)
3:23 AM: a0067944.exe (ID = 269648)
3:23 AM: a0067931.exe (ID = 269648)
3:23 AM: a0067394.exe (ID = 269649)
3:23 AM: a0067936.exe (ID = 269648)
3:24 AM: Found Adware: zquest
3:24 AM: a0067544.dll (ID = 273523)
3:24 AM: a0067535.exe (ID = 268934)
3:24 AM: uni_eh.exe (ID = 245110)
3:24 AM: a0067352.exe (ID = 244278)
3:24 AM: a0067531.exe (ID = 268932)
3:25 AM: pf78.exe (ID = 244430)
3:25 AM: a0067354.exe (ID = 270029)
3:25 AM: a0067524.exe (ID = 195131)
3:25 AM: a0067463.exe (ID = 195132)
3:25 AM: a0067901.exe (ID = 269648)
3:26 AM: a0067938.exe (ID = 269648)
3:26 AM: a0067380.exe (ID = 269649)
3:26 AM: a0067904.exe (ID = 269648)
3:26 AM: a0067932.exe (ID = 269648)
3:26 AM: a0067906.exe (ID = 269648)
3:26 AM: a0067915.exe (ID = 269648)
3:26 AM: a0067905.exe (ID = 269648)
3:27 AM: a0068060.exe (ID = 269648)
3:27 AM: a0067927.exe (ID = 269648)
3:27 AM: Found Adware: visfx
3:27 AM: offun.exe (ID = 215807)
3:27 AM: a0067551.exe (ID = 282332)
3:27 AM: a0067909.exe (ID = 269648)
3:28 AM: a0067933.exe (ID = 269648)
3:29 AM: a0067950.exe (ID = 269648)
3:29 AM: atmtd.dll (ID = 166754)
3:29 AM: a0067945.exe (ID = 273586)
3:30 AM: a0067924.exe (ID = 269648)
3:30 AM: a0068072.dll (ID = 166754)
3:30 AM: a0067934.exe (ID = 269648)
3:31 AM: a0067900.exe (ID = 269648)
3:32 AM: a0067907.exe (ID = 269648)
3:32 AM: a0068058.exe (ID = 269649)
3:32 AM: a0067408.exe (ID = 269649)
3:32 AM: atmtd.dll._ (ID = 166754)
3:32 AM: a0068059.exe (ID = 269649)
3:32 AM: a0067418.exe (ID = 269649)
3:32 AM: sys027558953010.exe (ID = 270029)
3:32 AM: a0067432.exe (ID = 269649)
3:32 AM: a0067917.exe (ID = 269648)
3:32 AM: a0067912.exe (ID = 269648)
3:32 AM: a0067548.exe (ID = 282345)
3:32 AM: a0067913.exe (ID = 269648)
3:32 AM: a0067928.exe (ID = 269648)
3:33 AM: a0067458.dll (ID = 282442)
3:33 AM: a0067898.exe (ID = 269648)
3:33 AM: a0067957.exe (ID = 215896)
3:33 AM: a0067381.exe (ID = 185254)
3:33 AM: nt68rrtc12.sys (ID = 220230)
3:33 AM: a0067367.exe (ID = 185254)
3:33 AM: a0067450.exe (ID = 269649)
3:33 AM: a0067937.exe (ID = 269648)
3:34 AM: a0067943.exe (ID = 269648)
3:34 AM: a0067562.exe (ID = 190798)
3:35 AM: a0067925.exe (ID = 269648)
3:35 AM: a0067935.exe (ID = 269648)
3:35 AM: a0067392.exe (ID = 185254)
3:35 AM: a0067930.exe (ID = 269648)
3:35 AM: a0067916.exe (ID = 269648)
3:35 AM: a0067899.exe (ID = 269648)
3:35 AM: a0067919.exe (ID = 269648)
3:35 AM: a0067922.exe (ID = 269648)
3:36 AM: a0067954.exe (ID = 215807)
3:36 AM: a0067923.exe (ID = 269648)
3:36 AM: a0067942.exe (ID = 269648)
3:36 AM: a0067949.exe (ID = 245110)
3:36 AM: a0067948.exe (ID = 245111)
3:37 AM: a0067910.exe (ID = 269648)
3:37 AM: a0067918.exe (ID = 269648)
3:37 AM: a0067908.exe (ID = 269648)
3:37 AM: a0067593.dll (ID = 159)
3:37 AM: a0067903.exe (ID = 269648)
3:37 AM: a0067462.exe (ID = 195130)
3:37 AM: a0067529.dll (ID = 268799)
3:37 AM: a0067406.exe (ID = 185254)
3:37 AM: a0067419.exe (ID = 185254)
3:37 AM: a0067431.exe (ID = 185254)
3:38 AM: a0067449.exe (ID = 185254)
3:38 AM: wnu_223.exe (ID = 268798)
3:38 AM: a0067460.exe (ID = 282441)
3:38 AM: dm.inf (ID = 53551)
3:38 AM: a0067530.exe (ID = 268995)
3:38 AM: a0067532.exe (ID = 268995)
3:38 AM: sskknwrd.dll (ID = 77733)
3:39 AM: a0067536.exe (ID = 268798)
3:39 AM: a0067589.dll (ID = 159)
3:39 AM: a0068068.exe (ID = 185254)
3:39 AM: a0067459.dll (ID = 282443)
3:40 AM: a0067940.exe (ID = 269648)
3:40 AM: command.exe (ID = 144946)
3:40 AM: a0067461.exe (ID = 283452)
3:40 AM: a0067386.dll (ID = 159)
3:41 AM: a0067366.exe (ID = 184143)
3:41 AM: a0067594.dll (ID = 159)
3:41 AM: a0067443.dll (ID = 159)
3:42 AM: a0067379.exe (ID = 184143)
3:42 AM: asappsrv.dll (ID = 144945)
3:42 AM: a0067955.exe (ID = 244430)
3:42 AM: a0067425.dll (ID = 159)
3:42 AM: a0067592.dll (ID = 159)
3:43 AM: a0067556.exe (ID = 168558)
3:44 AM: a0067586.dll (ID = 159)
3:44 AM: a0067353.exe (ID = 244278)
3:44 AM: a0067398.dll (ID = 159)
3:45 AM: tagasaurus.exe (ID = 244271)
3:46 AM: visfx500.exe (ID = 244295)
3:47 AM: a0067570.dll (ID = 159)
3:48 AM: a0067391.exe (ID = 184143)
3:49 AM: a0067568.exe (ID = 270029)
3:49 AM: a0067911.exe (ID = 269648)
3:49 AM: a0067588.dll (ID = 159)
3:49 AM: a0067941.exe (ID = 269648)
3:49 AM: a0067578.dll (ID = 159)
3:49 AM: a0067929.exe (ID = 269648)
3:49 AM: a0067405.exe (ID = 184143)
3:49 AM: a0067411.dll (ID = 159)
3:49 AM: a0067591.dll (ID = 163672)
3:49 AM: a0067374.dll (ID = 163672)
3:49 AM: a0067537.dll (ID = 159)
3:49 AM: a0067358.exe (ID = 267882)
3:49 AM: a0067590.dll (ID = 159)
3:50 AM: a0067417.exe (ID = 184143)
3:50 AM: a0067549.vbs (ID = 231442)
3:50 AM: a0067430.exe (ID = 184143)
3:50 AM: a0067448.exe (ID = 184143)
3:51 AM: sskcwrd.dll (ID = 77712)
3:51 AM: msnav32.ax (ID = 220229)
3:51 AM: a0068067.ini (ID = 188794)
3:51 AM: ma6cv21gurlwsz15w0.vbs (ID = 185675)
3:51 AM: a0067457.cfg (ID = 91140)
3:51 AM: Found System Monitor: potentially rootkit-masked files
3:51 AM: desktop.ini (ID = 0)
3:51 AM: desktop.ini (ID = 0)
3:52 AM: File Sweep Complete, Elapsed Time: 00:32:58
3:52 AM: Full Sweep has completed. Elapsed time 00:35:39
3:52 AM: Traces Found: 367
3:53 AM: Removal process initiated
3:53 AM: Quarantining All Traces: clkoptimizer
3:53 AM: Quarantining All Traces: look2me
3:53 AM: Quarantining All Traces: potentially rootkit-masked files
3:53 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
3:53 AM: desktop.ini is in use. It will be removed on reboot.
3:53 AM: desktop.ini is in use. It will be removed on reboot.
3:53 AM: Quarantining All Traces: purityscan
3:53 AM: Quarantining All Traces: rbot
3:54 AM: Quarantining All Traces: trojan downloader matcash
3:54 AM: Quarantining All Traces: visfx
3:54 AM: Quarantining All Traces: comet cursor
3:54 AM: Quarantining All Traces: dollarrevenue
3:54 AM: Quarantining All Traces: enbrowser
3:54 AM: Quarantining All Traces: internetoptimizer
3:54 AM: Quarantining All Traces: maxifiles
3:54 AM: Quarantining All Traces: surfsidekick
3:54 AM: Quarantining All Traces: zquest
3:54 AM: Quarantining All Traces: command
3:54 AM: Quarantining All Traces: findthewebsiteyouneed hijack
3:54 AM: Quarantining All Traces: targetsaver
3:54 AM: Quarantining All Traces: webhancer
3:54 AM: Quarantining All Traces: zenosearchassistant
3:54 AM: Quarantining All Traces: 2o7.net cookie
3:54 AM: Quarantining All Traces: addynamix cookie
3:54 AM: Quarantining All Traces: adknowledge cookie
3:54 AM: Quarantining All Traces: advertising cookie
3:54 AM: Quarantining All Traces: ask cookie
3:54 AM: Quarantining All Traces: atlas dmt cookie
3:54 AM: Quarantining All Traces: atwola cookie
3:54 AM: Quarantining All Traces: burstbeacon cookie
3:54 AM: Quarantining All Traces: burstnet cookie
3:54 AM: Quarantining All Traces: casalemedia cookie
3:54 AM: Quarantining All Traces: coremetrics cookie
3:54 AM: Quarantining All Traces: falkag cookie
3:54 AM: Quarantining All Traces: fastclick cookie
3:54 AM: Quarantining All Traces: maxserving cookie
3:54 AM: Quarantining All Traces: mediaplex cookie
3:54 AM: Quarantining All Traces: nextag cookie
3:54 AM: Quarantining All Traces: onestat.com cookie
3:54 AM: Quarantining All Traces: pointroll cookie
3:54 AM: Quarantining All Traces: questionmarket cookie
3:54 AM: Quarantining All Traces: realmedia cookie
3:54 AM: Quarantining All Traces: ru4 cookie
3:54 AM: Quarantining All Traces: serving-sys cookie
3:54 AM: Quarantining All Traces: specificclick.com cookie
3:54 AM: Quarantining All Traces: tacoda cookie
3:54 AM: Quarantining All Traces: tribalfusion cookie
3:54 AM: Quarantining All Traces: yieldmanager cookie
3:54 AM: Quarantining All Traces: zedo cookie
3:55 AM: Preparing to restart your computer. Please wait...
3:55 AM: Removal process completed. Elapsed time 00:01:47
********
3:14 AM: | Start of Session, Saturday, April 29, 2006 |
3:14 AM: Spy Sweeper started
3:15 AM: Your spyware definitions have been updated.
3:16 AM: | End of Session, Saturday, April 29, 2006 |
  • 0

#26
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello, twism7.

The original Tagasaurus is still on my desktop, as well as a link to Titan Poker. When I put the mouse over the icon, it displays:
http://www.clicklinkc.net/icon.php?...
There are some strange things in my C: such as visfx500 as well as some *.$$$ files.

Is all of this stuff still there, or has SpySweeper since removed it?
  • 0

#27
twism7

    Member

  • Topic Starter
  • Member
  • 18 posts
Hello RiP ChAiN,

Thank you again for your quick response. Below is an update. Thanks for your time.

-John


An update on how your computer is running
The original Tagasaurus is removed!
Titan Poker is still there, but it is just a link. Should I delete it?
The strange things like visfx500 are removed!
There is still a *.$$$ file. Is it ok?

Edited by twism7, 29 April 2006 - 12:32 PM.

  • 0

#28
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Yes, delete the Titan Poker link. For the *.$$$ file do the following:

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\SYSTEM\AnyFile.exe <-- replace that with the file in question's location.
  • Click on the submit button
  • Please post the results in your next reply.

Edited by __RiP_ChAiN_, 29 April 2006 - 12:42 PM.

  • 0

#29
twism7

twism7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hello RiP ChAiN,

Thank you again for your quick response. Below is my Jotti's results. Thanks for your time.

-John

Jotti's
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
  • 0

#30
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello, twism7.

Ok, the file in question is probably just a hidden Windows file, not of any harm.


Congratulations, your HijackThis log is now clean!

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0
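An added example, not part of the original post: the six Internet-zone settings listed in the reply above are stored as DWORD values under the `Zones\3` registry key, so they can be audited from a `reg export` of that key instead of by clicking through the dialog. The value names are the URL action IDs Microsoft documents for IE security zones; the sample export is constructed and the function names are hypothetical.

```python
import re

# URL action IDs (value names under ...\Internet Settings\Zones\3, the Internet
# zone) for the six settings in the post. Data: 0=Enable, 1=Prompt, 3=Disable.
PROMPT, DISABLE = 1, 3
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}
DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')
# Constructed sample of `reg export` output (real exports are UTF-16 files).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"""

def parse_zone_export(text, zone="3"):
    """Return {value_name: int} for one zone key found in .reg export text."""
    values, in_zone = {}, False
    suffix = "\\internet settings\\zones\\" + zone + "]"
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_zone = line.lower().endswith(suffix)
        elif in_zone and (m := DWORD_LINE.match(line)):
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(values):
    """List (setting, current, recommended) where the zone is weaker or unset."""
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        current = values.get(name)
        if current is None or current < wanted:
            findings.append((label, POLICY.get(current, "not set"), POLICY[wanted]))
    return findings
```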





